The management of risk is a key element of modern business practices. All businesses, families and individuals experience potential losses from natural disasters (fire, flood, hurricane, typhoon, etc.), man made events (terrorist acts, bomb, criminal disruption), lawsuits, and accidents. Risk management is the art and science of predicting these potential losses and developing an efficient plan to manage them if and when they occur.
Virtual Assets are Important
In the “New Economy” the assets of business entities are transitioning from traditional hard assets such as bricks and mortar to virtual assets such as web presence, transactions per hour, rate of service, and so on, or relying solely on such virtual assets. Now more than ever the electronic presence of the corporation determines immediate market capitalization as well as long term profitability and viability. Interruption of digital services can pose long-term financial repercussions well beyond the initial financial losses due to interruption.
Traditional Insurance Approaches are not Adequate
Traditional methods of insurance are not properly structured to address the volatile risk involved in the transitional business methodologies employed in the emerging financial and business environment. In order to better understand the nature of the current insurance business process problem it is helpful to review historical and current methods in insurance.
Justice Black in the 1943 Southeastern Underwriters Association decision wrote, “Perhaps no modern commercial enterprise directly affects so many persons in all walks of life as does the insurance business. Insurance touches the home, the family, and the occupation or business of almost every person in the United States.”
Insurance is a financial arrangement for redistributing the costs of unexpected losses according to a legal contract whereby an insurer agrees to compensate an insured for losses. A loss can be defined as an undesired, unplanned reduction of economic value. A chance of loss represents the probability of a loss. It is a fraction whose numerator represents the number of losses, and whose denominator represents the number of exposures to loss.
A peril is the cause of a loss. In traditional environments this could be a physical event like a flood; in the new economy this could be a computer virus. Hazards are conditions that serve to increase the frequency or severity of perils. Traditionally this might be an unsafe scaffolding; in electronic business this might be a faulty server load balancing device or a database with a bug.
Direct losses refer to the loss of property. Normally this is the loss of a physical tangible asset; in the new economy this could be the loss of data or the loss of users due to system downtime. Traditionally, indirect losses result from the loss of use of property. For instance, ripple effects in a business that has experienced critical down time may be viewed as indirect losses.
Risk can be defined as the variability in the possible outcomes of an event in some general environment based on chance or uncertainty concerning loss. The degree of risk refers to the accuracy with which an event based on chance can be predicted. Pure risk exists when a loss or an unchanged state occurs as only as the result of an event based on chance. If one may gain as a result of chance, the situation is described as a speculative risk.
In the new economy, data itself is normally not insured because it is subject to pure risk. That is, the chance of data damage or data loss is viewed, as a practical matter, as being so unpredictable that the risk to data is a pure risk. Providing insurance for pure risks is not traditionally considered a good business model for an insurance underwriter.
Traditional environments have a series of clearly defined variables that allow an accurate prediction of risk and thus an avoidance of pure risk. In transactions-based environments as well as web-based environments, such variables have been in many ways non-definable. It is ironic that the Internet and the electronic economy, which have in some ways been great equalizers in business and personal achievement, have also introduced such a volatile set of undefined, distributed, and fluctuating variables. In a traditional setting a large organization had a greater opportunity to complete larger transactions with greater risk. This was offset by a greater infrastructure, and related financial reserves. Now a small business often has just as much opportunity to do a large transaction. Competition margins have been compressed, and competitive activities accelerated.
The speed of transactions in this environment and the variable value per transaction have introduced a new set of risks that are somewhat nebulous and hard to define. Traditionally transactions and a business would grow within a limited growth curve. Now a business and its related customer base can grow at an exponential rate with every transaction completely unrelated to the last, in the sense that each and every transaction within a series may or may not increase risk at an exponential rate. In the new economy, hazards are also often localized rather than spread out.
Traditionally the law of large numbers is a basis for averaging risks, which allows insurers to predict losses accurately. This mathematical rule states that the greater the number of observations of an event based on chance, with each given occurrence of the event independent of each other occurrence, the more closely will the actual percentage of a particular result approximate the expected percentage of that result. In the old economy this prediction worked within reasonable parameters, e.g., along a predictable bell curve X number of 40 year olds will die or Y number of businesses will experience catastrophic losses.
However the law of large numbers assumes that a large group of businesses or people will experience a series of unrelated events or risks at different times in different places. For instance, in a model based on the law of large numbers the death of a particular individual in the population does not significantly change the risk with respect to other individuals. This rule does not account for the concentration of relatively large assets and related interests within relatively small geographic location.
For instance, in a web-based high speed transaction environment a significant portion of a large organization's potential loss or gain may depend on a single network server. Further risk concentration issues are created by the mass deployment of shared data centers and web hosting facilities. For example, if a catastrophic event occurred at just one data center owned by a large data center/web hosting/E-commerce facility, then the valuations of many of the “hot” new economy companies would tumble, their critical transactions would cease, and significant ripples could be felt throughout the economy as a whole. From a business insurance underwriting point of view, the law of large numbers would be defeated as this “isolated” catastrophic disaster would not affect just one business, but literally thousands.
Traditionally, the components of an insurance premium are the cost of losses, the expenses of operating the insurance company, the reserves needed for the unexpected losses, and the investment earnings available when premiums are paid in advance. The undefined risks and concentration issues related to an electronic economy makes the cost of losses and the reserves into something viewed, as a practical matter, as pure risk. Pure risk is the realm of a compulsive gambler, not an insurance underwriter.
Thus, there is a need for different or complementary tools and techniques for risk management of data and of connectivity or online responsiveness as assets of a business. More particularly, there is a need for better tools and techniques for providing appropriate insurance coverage of such assets. The present invention is directed toward this need.